Security Service Edge (SSE) Threat Protection

Security Service Edge (SSE) solutions leverage the cloud’s scalability, flexibility, and operational benefits to deliver security – Access Control, Authentication and Identity, Data Loss Prevention (DLP), DNS protection, Encryption (TLS/SSL), Exploit detection and prevention, Malware and Phishing protection (including via Browser Isolation), Cloud Access / Application control (CASB), and the ability to implement Zero Trust Network Access (ZTNA).

We have categorized these SSE capabilities into the following:

• Platform: Access Control, Authentication and Identity, Encryption (TLS/SSL), ZTNA
• Threat Prevention: Exploit and Malware Prevention, Evasions
• Data Protection: Data Loss Prevention, Cloud Access / Application control (CASB)

This methodology focuses on the Threat Prevention portion of the service.

In Q2 2024, CyberRatings.org performed an independent test of Zscaler Zero Trust Exchange against the Security Service Edge (SSE) Threat Protection Methodology v2.1 using Amazon Web Services and our facility in Austin, Texas. Zscaler Zero Trust Exchange earned a “AAA” Rating for this SSE Threat Protection test.

The product was subjected to thorough testing to determine how it handled TLS/SSL 1.2 and 1.3 cipher suites, how it defended against 205 exploits, 7,140 malware samples, and whether any of 1,124 evasions could bypass its protection. Both clear text and encrypted traffic were measured to provide a more realistic rating based on modern network traffic. Read the report to get the details on how well they performed.

In addition to the report, the detailed methodology is available with a free subscription and focuses on functionality and performance related to the Threat Prevention portion of the service, including URL Filtering, Browser Isolation, and Sandboxing. This test methodology provides general information, including a description and purpose of the platform as well as the test approach.

This SSE report is the first in a series to come in 2024.

We would like to issue a special thank you to Keysight for providing their CyPerf tool for us to test SSE. We would also like to thank TeraPackets for providing us with their Threat Replayer tool.